So, per RFC, can I summarize: For SNMPv1, if the community string is incorrect, the agent should send an authenticationFailure Trap. For SNMPv2c, if the community string is incorrect, the agent should send an authenticationFailure Trap. For SNMPv3, if the auth/priv passphrases are incorrect or if the username is incorrect, the agent should send a report PDU.
Sasidevi Buchupalli -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Shield Sent: Wednesday, January 30, 2008 7:34 AM To: Karthick Babu Cc: [email protected] Subject: Re: SNMP v3 - Authentication - Report PDU/Trap On 25/01/2008, Karthick Babu <[EMAIL PROTECTED]> wrote: > RFC 3414, section 3.2 (Processing an Incoming SNMP Message), > point no. 6 says as follows : > If the authentication module returns failure, then ... > ..... an error indication (authenticationFailure) > together with the OID and value of the incremented counter is > returned to the calling module. > In the above statement, does 'error indication' means sending the 'report > pdu' or the 'authentication failure trap' to the calling module? No. Neither of these. Remember that RFC 3414 is describing the User-based Security Model, so *everything* in this document is concerned with the service primitives 'processIncomingMsg()' (section 2.5.2) and 'generateRequestMsg()/generateResponseMsg() (section 2.5.1). When it talks about returning an error indication to the calling module, this is effectively equivalent to the return value of these conceptual function calls. The "calling module" here is the next level up of the overall SNMP processing engine - in this case, the Message Processing Module. It's this MPM stage that is responsible for generating the report PDU - not the Security Subsystem itself. See RFC3411 for how all this stuff fits together (esp. section 4.4), and RFC 3412 for the SNMPv3 Message Processing Module (e.g. section 7.2, step 6, for incoming messages). Dave ------------------------------------------------------------------------ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users ============================================================ The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any reproduction, dissemination or distribution of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Tellabs ============================================================ ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Net-snmp-users mailing list [email protected] Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
